Re: [PATCH] uprobes: Fix utask->depth accounting in handle_trampoline()

From: Srikar Dronamraju
Date: Thu Sep 12 2013 - 02:49:15 EST


* Oleg Nesterov <oleg@xxxxxxxxxx> [2013-09-11 17:47:26]:

> Currently utask->depth is simply the number of allocated/pending
> return_instance's in uprobe_task->return_instances list.
>
> handle_trampoline() should decrement this counter every time we
> handle/free an instance, but due to typo it does this only if
> ->chained == T. This means that in the likely case this counter
> is never decremented and the probed task can't report more than
> MAX_URETPROBE_DEPTH events.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
> Reported-by: Mikhail Kulemin <Mikhail.Kulemin@xxxxxxxxxx>
> Reported-by: Hemant Kumar Shaw <hkshaw@xxxxxxxxxxxxxxxxxx>

Acked-by: Srikar Dronamraju <srikar@xxxxxxxxxxxxxxxxxx>

Mikhail Kulemin has verified that this fix works for him.

> ---
> kernel/events/uprobes.c | 4 +---
> 1 files changed, 1 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
> index f356974..ad8e1bd 100644
> --- a/kernel/events/uprobes.c
> +++ b/kernel/events/uprobes.c
> @@ -1682,12 +1682,10 @@ static bool handle_trampoline(struct pt_regs *regs)
> tmp = ri;
> ri = ri->next;
> kfree(tmp);
> + utask->depth--;
>
> if (!chained)
> break;
> -
> - utask->depth--;
> -
> BUG_ON(!ri);
> }
>
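Review bot: moving `utask->depth--` up beside `kfree(tmp)` makes the decrement run for every freed return_instance rather than only on the chained path, so depth again tracks the length of the return_instances list as the commit message describes; with the old placement the `if (!chained) break;` skipped it in the common non-chained case. Since the decrement now sits directly above that `break`, a one-line comment at `+ utask->depth--;` (e.g. `/* one instance freed; keep depth in sync with the list */`) would help keep a future refactor from moving it back below the `break`. The `BUG_ON(!ri)` on the chained path is unaffected by the move.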
> --
> 1.5.5.1
>
>

--
Thanks and Regards
Srikar Dronamraju
